[openssl-users] FIPS: Using FIPS_post_set_callback() to capture all errors
jonetsu at teksavvy.com
Fri Apr 10 18:10:28 UTC 2015
>From fips_test_suite.c, does the use of FIPS_POST_FAIL be cover
all types of FIPS errors ?
While FIPS_POST_FAIL would be about POST failures, what would the
corruption referred-to by FIPS_POST_CORRUPT ? Is it likely to be
encountered in a production environment ?
When a FIPS_POST_FAIL is encountered, the test_suite returns a 1.
A 0 is returned when an expected failure occurs in
FIPS_POST_CORRUPT, otherwise a 1. Is this behaviour of returning
1 when an error is encountered only a test suite practice, or
should it be also used in production ? Eg. will the return value
influence the behavior of OpenSSL when an error happens (eg. not
allowing any crypto from then on) ?
More information about the openssl-users